Path Confusion

Caddy is vulnerable to Path Confusion. The vulnerability is due to incorrect path splitting logic in FastCGI processing, where strings.ToLower is applied before computing byte offsets, causing incorrect SCRIPTNAME, SCRIPTFILENAME, and PATHINFO values for certain Unicode paths and potentially...

SUSE CVE-2026-31710

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

WordPress plugin Salon Booking System – Free Version 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-requests (SUSE-SU-2026:1647-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1647-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives a...

CVE-2026-31710

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

CVE-2026-31710

CVE-2026-31710 — Linux kernel CIFS SMB1 UNIX mounts: A fix addresses incorrect dir separators caused by not updating @cifs_sb->mnt_cifs_flags after reset_cifs_unix_caps() when mounting SMB1 UNIX shares. The root cause is that the POSIX ACLs/paths flags (CIFS_MOUNT_POSIXACL, CIFS_MOUNT_POSIX_PA...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the CIFSMOUNTPOSIXPATHS bit when mounting SMB1 under UNIX. This can lead to th...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from double deallocation in incorrect paths, potentially leading to memory corruption...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of reference counts during error handling paths. This issue may lead to resourc...

PT-2026-36340

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SMB client during SMB1 UNIX mounts. When the cifs mount get tcon function is called, the cifs sb-mnt cifs flags variable may be read or updated before the reset ci...

CLSA-2026-1777548161 Fix CVE(s): CVE-2023-31486

SECURITY UPDATE: HTTP::Tiny does not verify TLS certificates by default - debian/patches/CVE-2023-31486.patch: flip verifySSL default from 0 to 1 in cpan/HTTP-Tiny/lib/HTTP/Tiny.pm; add PERLHTTPTINYSSLINSECUREBYDEFAULT escape-hatch env var; update POD SSL SUPPORT - TLS/SSL SUPPORT,...

CLSA-2026-1777542146 vim: Fix of 3 CVEs

CVE-2023-1170: at the end of doput ops.c, clamp the cursor column back to the line length and recompute coladd under virtualedit=all so a Visual block put past the new NUL no longer leaves the cursor pointing past end-of-line. - CVE-2023-1175: in opyank ops.c, when the yank starts inside a...

Exploit for CVE-2026-41940

cpanel2shell-scanner A high-fidelity scanner for the cPanel/W...

Use of Password Hash Instead of Password for Authentication

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Use of Password Hash Instead of Password for Authentication through the...

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVE-2026-36957

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVE-2026-36957

The affected device is the Dbit Router, firmware V1.0.0 (Dbit N300 T1 Pro Easy Setup Wireless Wi‑Fi Router). The vulnerability is in the Boa web server URI handler, which can be exploited by sending a high-volume flood of HTTP GET requests to non-existent URIs, causing resource exhaustion (file d...

Server-side Request Forgery (SSRF)

Overview xhs-mcp is a XiaoHongShu CLI and MCP Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the xhspublishcontent MCP tool when processing the mediapaths argument. An attacker can access internal resources or perform unauthorized network requests ...

CVE-2026-7417

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...

EUVD-2026-26294

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhspublishcontent of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument mediapaths results in server-side request forgery. The attack may be initiated remotely...